Anomaly Detection

Unit description

This unit aims to introduce models of normal network behaviour, anomaly detection, and the process of combining and screening anomalies over space and time.

It will provide the mathematical & statistical underpinnings of anomaly detection for cybersecurity data. It will cover the following topics: dynamic network models, fundamentals of hypothesis testing, combining and screening anomalies, Bayesian methods, Monte-Carlo approaches. In coursework assignments, students will use network, point process and cluster models to find anomalies in real cyber security data.

Relation to other units

This is a new unit for 2018/19

Learning objectives

  1. To recognise and apply a range of models for dynamic network data, and their estimation
  2. To understand core anomaly detection concepts and tools, including mastering theory and interpretation of hypothesis tests, controlling false positive rates and performing meta-analysis
  3. To apply these anomaly detection tools to analyse real large-scale data and report the results

Reading and References

  • Casella, George, and Roger L. Berger. Statistical inference. Vol. 2. Pacific Grove, CA: Duxbury, 2002.
  • Daley, D. J., and D. Vere-Jones. An Introduction to the Theory of Point Processes: Volume I: Elementary Theory and Methods, Springer, New York, 2003.
  • Kolaczyk, E. D. Statistical analysis of network data: Methods and Models. Springer, New York, 2009.
  • Friedman, Jerome, Trevor Hastie, and Robert Tibshirani. The elements of statistical learning. (2nd edition), Springer, New York, 2009.
  • Heard, Nicholas A., et al. "Bayesian anomaly detection methods for social networks." The Annals of Applied Statistics 4.2 (2010): 645-662.

Unit code: MATHM0030 
Level of study: M/7
Credit points: 10 credit points
Teaching block (weeks): 1 (7-12)
Lecturer: Dr Patrick Rubin-Delanchy

Pre-requisites

Probability 1, Statistics 1 and Statistics 2 (or equivalent)

Co-requisites

None

Methods of teaching

Lectures and Problems Classes.

Methods of Assessment

  • 80% Exam 
  • 20% Coursework

For information resit arrangements, please see the re-sit page on the intranet.

Please use these links for further information on relative weightingand marking criteria.

Further exam information can be found on the Maths Intranet.

Edit this page